D-Link Forums
D-Link Enterprise => DGS-1100-Series => Topic started by: pgruetter on April 04, 2016, 04:23:09 AM
-
Hi all
Since this is the only place I found something about the DGS-1100-08, I'll post here as well. My question is about VLAN in general though.
After reading posts on this forum, I'm still not 100% sure if I understood the terms of "tagged, untagged, not member" correctly.
I have 3 switches now, all DGS-1100-08. The setup is somewhat complicated, but here is simple example to show my questions:
(http://i.imgur.com/RzeUmvM.png)
Red is one VLAN, blue in another. Both need to be transported between the switches. So I configure 3 VLANs. VLAN 1 is default. VLAN 2 = blue, VLAN 3 = red.
What is the correct configuration for ports 1-8 in each VLAN?
Are ports 1-4 untagged in VLAN 2 and VLAN 3 ? Or "not member" ? What about VLAN 1 ?
Ports 5 + 7 are "tagged" in VLAN 3, but "not member" in VLAN 1 and VLAN 2 ?
I'm confused ???
Thanks a lot
Patrick
-
Hi,
in your scenario any of your switches has at least one port (left: port 4, middle: ports 1 and 2, right: port 3), that has to transmit more than one VLAN (namely VLAN 2 (blue) and VLAN 3 (red)).
In general if a switch has at least one port to be used with at least two VLANs, you have to:
- Disable Port-Based VLAN
- Enable 802.1Q VLAN
In your case you have to do so for all three switches.
Then:
For the left switch:
- Add a new VLAN 2 (blue) and set port 4 to "Tagged" and port 6 to "Untagged" (leave alle other ports in state "Not Member")
- Add a new VLAN 3 (red) and set port 4 to "Tagged" and port 5 to "Untagged" (leave alle other ports in state "Not Member")
- The already existing VLAN 1 should now have ports 1-4 and 7-8 in state "Untagged" and ports 5-6 in state "Not Member"
- in PVID settings set ports 1-8 to the following PVID values: 1, 1, 1, 1, 3, 2, 1, 1
For the switch in the middle:
- Add a new VLAN 2 (blue) and set ports 1 and 2 to "Tagged" (leave alle other ports in state "Not Member")
- Add a new VLAN 3 (red) and set ports 1 and 2 to "Tagged" (leave alle other ports in state "Not Member")
- The already existing VLAN 1 should now still have all ports 1-8 in state "Untagged".
- in PVID settings set ports 1-8 to the following PVID values: 1, 1, 1, 1, 1, 1, 1, 1
For the right switch:
- Add a new VLAN 2 (blue) and set port 3 to "Tagged" and port 8 to "Untagged" (leave alle other ports in state "Not Member")
- Add a new VLAN 3 (red) and set port 3 to "Tagged" and port 7 to "Untagged" (leave alle other ports in state "Not Member")
- The already existing VLAN 1 should now have ports 1-6 in state "Untagged" and ports 7-8 in state "Not Member"
- in PVID settings set ports 1-8 to the following PVID values: 1, 1, 1, 1, 1, 1, 3, 2
As a result only the devices in the same VLAN (2 or 3) can talk to each other. All devices connected to other ports are assigned to VLAN 1 and can only talk to each other but not to devices belonging to VLANs 2 or 3. The switch management address is only accessible via a switch port assigned to VLAN 1.
If you want to add one of the other ports of any of the three switches to VLAN 2 or VLAN 3, you have to
- Edit the VLAN X (X=2 or 3 respectively) and set the desired port to "Untagged"
- Set the PVID value (in PVID settings) of the desired port to X (X=2 or 3 respectively).
Some basics:
- The PVID value of a port identifies the VLAN that untagged frames entering the port ("receiving direction") will be assigned.
- In the "sending direction" a frame belonging to VLAN X is sent untagged on port Y, if port Y is configured "Untagged" for VLAN X.
- Note: Any port can be configured "Untagged" for at most one VLAN only.
- A port that is configured "Untagged" or "Not Member" for a VLAN X, can be configured "Tagged" for any number of VLANs other than X.
PT
-
Wow! ;D ;D
Thank you so much for the detailed answer. I will try everything later this week and report back if everything worked as expected.
-
Hello PT
I finally found the time to test it. With your detailed answers, I was able to configure everything correctly now. Thanks again!
I'll try to summarize to see if I understood correctly:
Tagged: Frames are already tagged for this VLAN, don't do anything.
Untagged: If a frame belongs to VLAN A and the port is configured as "untagged" for VLAN A, the VLAN Tag is removed by the switch
Not Member: The port doesn't belong to the VLAN and mustn't see any frames meant for this VLAN
PVID: Frames will be tagged with the given VLAN number. This is only true, if the frames are not tagged already.
Cheers
Patrick
-
Hi Patrick,
Tagged: Frames are already tagged for this VLAN, don't do anything.
Untagged: If a frame belongs to VLAN A and the port is configured as "untagged" for VLAN A, the VLAN Tag is removed by the switch
Not Member: The port doesn't belong to the VLAN and mustn't see any frames meant for this VLAN
PVID: Frames will be tagged with the given VLAN number. This is only true, if the frames are not tagged already.
Correct! Perhaps one additionial remark: "Untagged" is meant for frames leaving the switch, while PVID refers to frames entering the switch. This differentiation seems to be specific for D-Link switches (and other vendors don't use this, e.g. Cisco). It does not make much sense for me, because I don't know any scenario (other than academic ones), where I should have to configure two different values for "PVID" and "Untagged" for a given port.
PT
-
Exactly, that's why I didn't really get the meaning of PVID first. Well, as long as it works now ;D
-
Enjoy. ;)
-
what firmware version is this? I have a DGS-1100-16, and my setup doesn't have anything like PVIDs.
I have::
VLAN Mode
Acceptable Frame
Ingress Checking
VID(1-4094)
Action
Allowed VLAN Range
I really wish DLINK had some practical examples of how to set up a vlan. I can do it by hand in OpenWRT but DLINK's way just leaves me stumped.
-
Looks like Patrick's DGS-1100-08 is hardware version A1 (REVA (ftp://ftp2.dlink.com/PRODUCTS/DGS-1100-16/REVA/)) with latest firmware version being V1.10.016 and latest manual (ftp://ftp2.dlink.com/PRODUCTS/DGS-1100-16/REVA/DGS-1100-16_MANUAL_1.04_EN.PDF) being version 1.04 (dated 11-13-2013), while your device is hardware version B1 or B2 (REVB (ftp://ftp2.dlink.com/PRODUCTS/DGS-1100-16/REVB/)). For your model the latest firmware is V.1.01.018 and the GUI, and also how to configure VLANs is different from REVA as described in this manual (ftp://ftp2.dlink.com/PRODUCTS/DGS-1100-16/REVB/DGS-1100-16_REVB_SERIES_MANUAL_1.00_EN_WW.PDF).
-
Sorry for the late answer. Mine is hardware rev. A1, Firmware Version is 1.10.033.